11 matches found
Malicious code in @dle-clo-bento-component/dist (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a652e8cb279a3db5d1420008c3f3fc8c11aab4463f7ed61925ca409f18066b19 The OpenSSF Package Analysis project identified '@dle-clo-bento-component/dist' @ 13.0.0 npm as malicious. It is considered malicious because: -...
CVE-2020-10068 Zephyr Bluetooth DLE duplicate requests vulnerability
In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions...
CVE-2018-14777
An issue was discovered in DataLife Engine DLE through 13.0. An attacker can use XSS related to the /addnews.html and /index.php?do=addnews URIs to send a malicious script to unsuspecting Admins or users...
CVE-2018-14777
DataLife Engine (DLE) before or at version 13.0 contains a cross-site scripting (XSS) vulnerability that affects the /addnews.html and /index.php?do=addnews endpoints. An attacker can inject malicious scripts that are rendered in Admin or user browsers, enabling access to cookies, session tokens, ...
CVE-2013-1412
CVE-2013-1412 affects DataLife Engine 9.7. The vulnerability is a remote PHP code injection in engine/preview.php via the catlist[] parameter, exploited through an insecure preg_replace with the deprecated /e modifier. Public references document remote code execution capabilities and multiple expl...
CVE-2013-7387
CVE-2013-7387 affects DataLife Engine (DLE) 9.7 and earlier. The vulnerability is a session fixation flaw allowing remote attackers to hijack web sessions via the PHPSESSID cookie. The connected documents specify the affected product/version and the attack vector but do not provide concrete reme...
DataLife Engine DLE Forum plugin 2.x SQL Injection Exploit (0day)
DLE Forum is the most popular plugin for DataLife Engine CMS that is widely used by warez sites. Exploit is using blind SQL injection and discovers all the admin hashes. Dork has more than 1 million Google results. Totally 0day. This is a private exploit. You can buy it at https://0day.today...
CVE-2010-2005
CVE-2010-2005 affects DataLife Engine 8.3 with multiple PHP remote file inclusion (RFI) vulnerabilities that allow an attacker to execute arbitrary PHP code. The affected vectors are: (1) selected_language to engine/inc/include/init.php, (2) config[langs] to engine/inc/help.php, (3) config[lang] ...
Vulnerabilities in t3m_cumulus_tagcloud for TYPO3
Hello 3APA3A! I am informing you of Cross-Site Scripting and Full path disclosure vulnerabilities in the t3mcumulustagcloud plugin for TYPO3. This XSS vulnerability is identical to the XSS vulnerability in Tagcloud for DLE http://websecurity.com.ua/3927/. I mentioned the millions of tagcloud.swf flash files vulnerable to XSS attacks in...
CVE-2009-3055
CVE-2009-3055 affects DataLife Engine (DLE) 8.2, with a vulnerability in engine/api/api.class.php that allows remote code execution via a URL in the dle_config_api parameter. Root cause: PHP remote file inclusion. Impact: partial impact on confidentiality, integrity, and availability as state...
CVE-2008-6406
CVE-2008-6406 is an XSS vulnerability reported in DataLife Engine (DLE) 7.2, located in admin.php and exploitable via the query string. The affected component is the admin interface; the underlying issue is improper handling of user-supplied input in the query parameters, allowing an attacker to ...